Nginx Proxy working!

Hoeky4 years ago

Here are the settings to get Traccar working in a Nginx proxy.

server {
    listen          IP:80;
    server_name     DOMAIN.COM;
location / {
        proxy_pass http://127.0.0.1:8082;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
location /api/socket {
        proxy_pass http://localhost:8082/api/socket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

}

Have fun with it!

Anton Tananaev4 years ago

Thanks for sharing this information.

renaud4 years ago

You should increase the timeouts for the socket connections, here is what I have but for https.


server {
        add_header      Cache-Control   no-cache;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload;";
        add_header x-frame-options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        listen 443;
        listen   [::]:443;

        expires 31d;
        ssl On;
        ssl_certificate fullcert_nokey.pem;
        ssl_certificate_key privkey.pem;
        server_name traccar.example.com;
        root /var/www/traccar;

        location / {
                proxy_pass http://127.0.0.1:8082/;
                proxy_set_header Host $host;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_buffering     off;
                proxy_connect_timeout 43200000;
                proxy_send_timeout    43200000;
                proxy_read_timeout    43200000;
                proxy_redirect off;
                proxy_set_header Proxy "";
        }
}
Zecman3 years ago

Hi all. I also would like to share my config. It is a bit more simple.

Before: Hosting multiple websites with nginx, SSL already set up. Traccar on the same machine as nginx.
After: Make Traccar available as a subfolder of an already existing domain.

Just add this section to your existing config:

      location /gps/ {
         proxy_pass http://127.0.0.1:8082/;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_read_timeout 600s;
      }

Put it right at the end of your server { ... <here>; } section. You do not need more if your server is already running and setup correctly. This works with nginx versions 1.3 and above

For security reasons I would also suggest, to change your Traccar's config file default.xml and add the following entry:
<entry key='web.address'>127.0.0.1</entry>
right below web.enalbe and above web.port.

This prevents users to directly connect to Traccar without the SSL from nginx.

Now you will be able to use Traccar with an url like https://<existing domain>/gps/

Anton: Maybe you want to add this to the general help section.

Anton Tananaev3 years ago

Thanks for sharing it, but I would prefer to keep this of forum for now to avoid maintenance overhead.

Petr Stastny3 years ago

I like the last config example and especially the idea of having a subfolder for traccar. Unfortunately we get HTTP 503 for /gps/api/socket when using the last configuration example. Any idea how to fix this?

192.168.100.93 - admin [09/Sep/2017:14:14:54 +0200] "GET /gps/api/socket HTTP/1.1" 503 99 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.113 Chrome/60.0.3112.113 Safari/537.36"

Adding a nginx configuration like this

location /gps/api/socket/ {
        proxy_pass http://localhost:8082/api/socket/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

only leads to HTTP 301 / Permanently moved for the /api/socket

192.168.100.93 - admin [09/Sep/2017:14:20:14 +0200] "GET /gps/api/socket HTTP/1.1" 301 184 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.113 Chrome/60.0.3112.113 Safari/537.36"

any further ideas how to fix this?

Zecman3 years ago

I tried a lot to get rid of any errors and warnings in the log and ended up with this:

      location /gps/ {
         proxy_set_header        Host                 $host;
         proxy_set_header        X-Forwarded-Host     $host;
         proxy_set_header        X-Forwarded-Server   $host;
         proxy_set_header        X-Real-IP            $remote_addr;
         proxy_set_header        X-Forwarded-For      $proxy_add_x_forwarded_for;

         proxy_set_header        Upgrade              $http_upgrade;
         proxy_set_header        Connection           "upgrade";
         proxy_http_version      1.1;

         proxy_cookie_path       /api /gps/api;

         proxy_redirect          http://127.0.0.1:8082/           /gps/;
         proxy_redirect          ws://127.0.0.1:8082/api/socket   /gps/api/socket;
         proxy_pass              http://127.0.0.1:8082/;

         proxy_read_timeout      600s;
      }

It's not as simple as my first post but works now very well for me. Also with the Android clients (tracker and management app).
Use <domain>.com/gps as server URL in the clients also.

Alejandro Rivas2 years ago

I dont understand why you add /api/socket

fmarkosa year ago

apache vhost change to your domain / LAN-ip:

<VirtualHost *:443>
ServerName gps.mydomain.com

ProxyPass /api/socket ws://10.0.0.13:8082/api/socket
ProxyPassReverse /api/socket ws://10.0.0.13:8082/api/socket

ProxyPass / http://10.0.0.13:8082/
ProxyPassReverse / http://10.0.0.13:8082/

ErrorLog ${APACHE_LOG_DIR}/gps-ssl_error.log
CustomLog ${APACHE_LOG_DIR}/gps-ssl_access.log combined
LogLevel error
</VirtualHost>
Edilon Carvalho 10 months ago

how do i install this service on ubunto and what file should i change with the settings you mentioned above for traccar. Someone would have a step by step.

Edilon Carvalho 7 months ago

Where do I put these parameters?